A web attack is an attempt to exploit weaknesses in a website or in parts of it. The attack may target the content of a website, a web application or a server. Websites provide a variety of opportunities for attackers, who can gain unauthorised access, obtain confidential information or introduce malicious content.
Attackers often search for vulnerabilities in a website's content or structure to gain access to data, take control of the website or cause harm to its users. Common attacks include brute force attacks, cross-site scripting (XSS) and attacks against file uploads. Other attacks rely on social engineering, such as phishing and malware attacks, the latter including trojans, ransomware and spyware.
The most frequent attacks on websites target the web application, which consists of the hardware and software that websites use to display information to their visitors. Hackers attack a web application by exploiting its weaknesses through techniques that include SQL injection, cross-site request forgery and reflected XSS.
SQL injection attacks exploit the databases which web applications rely on to store and deliver content. These attacks could expose sensitive data, such as passwords, account logins and credit card numbers.
Cross-site scripting attacks exploit flaws in a website's code to display untrusted images or text, hijack session information and redirect users to phishing sites. Reflected XSS can also allow an attacker to run arbitrary script in the visitor's browser.
A man-in-the-middle attack happens when a third party intercepts the communications between you and the web server. The third party is then able to modify messages, spoof certificates, alter DNS responses and more. It is a way to control a user's online activity.